Privacy Policy

RecipeParse (“we”, “our”, “us”) operates the RecipeParse API and website at ai-recipe-parser.sahilsharma.org. We provide AI-powered ingredient parsing and recipe structuring services to developers and businesses.

If you have questions about this policy, contact us at [email protected].

We collect the following categories of information:

Account information

When you sign up, we collect your name, email address, and billing details. Billing is processed by Stripe — we never store raw card numbers on our servers.

API usage data

Every API request is logged with: timestamp, endpoint called, credit cost, response time, cache hit/miss, and your tenant ID. We use this to power your usage dashboard, enforce plan limits, and debug issues.

Recipe and ingredient text

When you call the parse API, your ingredient strings and method steps are sent to our servers and to the Anthropic Claude API for processing. Successful parses are cached in our database (keyed by a SHA-256 hash of the input) for up to 30 days to reduce redundant API calls. We do not use your recipe data to train models.

Technical data

We collect IP addresses, browser/client type, and request metadata for security monitoring and rate limiting. This data is retained for 90 days.

Analytics

Our website uses Google Analytics and PostHog to understand how visitors use the site. Both are configured to anonymise IP addresses. You can opt out by enabling Do Not Track in your browser or using a browser extension.

We use collected data to:

• Provide and operate the RecipeParse API service
• Authenticate requests and enforce plan limits and rate limits
• Calculate and display usage in your dashboard
• Process payments through Stripe
• Send transactional emails (account creation, invoices, plan changes)
• Investigate abuse, security incidents, and API errors
• Improve our service based on aggregate usage patterns

We do not sell your data. We do not use your recipe inputs for advertising or marketing.

We share data with the following third parties only to the extent necessary to operate the service:

All providers are required to handle data in accordance with applicable privacy laws. Anthropic's data handling practices are governed by their Privacy Policy.

• Parse cache: 30 days from last access, then automatically deleted
• Usage logs: 12 months, then aggregated and anonymised
• Account data: Retained while your account is active, then deleted 30 days after account closure
• Billing records: Retained for 7 years as required by Australian tax law
• Security logs (IP, request metadata): 90 days

Depending on your location, you may have rights under the Australian Privacy Act 1988, GDPR, or similar legislation including:

• Access — request a copy of the personal data we hold about you
• Correction — ask us to fix inaccurate or incomplete data
• Deletion — request deletion of your account and associated data
• Portability — receive your data in a machine-readable format
• Objection — object to processing of your data for marketing purposes

To exercise any of these rights, email [email protected]. We will respond within 30 days.

We take reasonable technical and organisational measures to protect your data, including:

• All data transmitted over HTTPS/TLS
• Secrets stored in Google Cloud Secret Manager, never in source code
• Database access restricted to Cloud Run service accounts via Cloud SQL Auth Proxy
• API keys hashed before storage — we cannot recover a key after it is issued
• Rate limiting and abuse detection on all API endpoints

No system is completely secure. If you discover a security vulnerability, please report it responsibly to [email protected].

We use the following cookies:

• Session cookie — keeps you logged in to the dashboard (essential)
• PostHog — analytics, stored in localStorage (can be blocked via Do Not Track)
• Google Analytics — analytics, opt-out via browser extension

We do not use advertising cookies or sell cookie data to third parties.

We may update this policy from time to time. When we do, we will update the effective date at the top of this page and notify account holders by email for material changes. Continued use of the service after changes constitutes acceptance of the updated policy.